security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

gpgsm: Simplify the expiration check.

Browse Source 
* sm/certlist.c (gpgsm_add_to_certlist): Remove the on-demand setting
of the current time.
This commit is contained in:
Werner Koch 2025-03-18 12:21:57 +01:00
parent ad8bce774d
commit 2869de63b5
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 8 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
sm/certlist.c
View File

@ -337,9 +337,10 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
KEYDB_HANDLE kh = NULL; KEYDB_HANDLE kh = NULL;
ksba_cert_t cert = NULL; ksba_cert_t cert = NULL;
ksba_isotime_t current_time = {0, }; ksba_isotime_t current_time;
ksba_isotime_t exp_time = {0, }; ksba_isotime_t exp_time = {0};
int current_time_loaded = 0;
gnupg_get_isotime (current_time);
rc = classify_user_id (name, &desc, 0); rc = classify_user_id (name, &desc, 0);
if (!rc) if (!rc)
@ -370,15 +371,9 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
rc = secret? gpgsm_cert_use_sign_p (cert, 0) rc = secret? gpgsm_cert_use_sign_p (cert, 0)
: gpgsm_cert_use_encrypt_p (cert); : gpgsm_cert_use_encrypt_p (cert);
if (!rc) if (!rc)
{ rc = check_validity_period_cm (current_time, current_time,
if (!current_time_loaded) cert, exp_time, 0, NULL, 0, 0);
{
gnupg_get_isotime (current_time);
current_time_loaded = 1;
}
rc = check_validity_period_cm (current_time, current_time,
cert, exp_time, 0, NULL, 0, 0);
}
if (gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE) if (gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE)
{ {
/* There might be another certificate with the /* There might be another certificate with the
@ -443,12 +438,6 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
{ {
gpg_err_code_t tmp; gpg_err_code_t tmp;
if (!current_time_loaded)
{
gnupg_get_isotime (current_time);
current_time_loaded = 1;
}
if (same_subject_issuer (first_subject, if (same_subject_issuer (first_subject,
first_issuer, first_issuer,
cert2)) cert2))
@ -620,6 +609,7 @@ gpgsm_find_cert (ctrl_t ctrl,
ksba_isotime_t notbefore = ""; ksba_isotime_t notbefore = "";
const unsigned char *image = NULL; const unsigned char *image = NULL;
size_t length = 0; size_t length = 0;
if (allow_ambiguous) if (allow_ambiguous)
{ {
/* We want to return the newest certificate */ /* We want to return the newest certificate */